3,149 research outputs found

    On mitigating distributed denial of service attacks

    Denial of service (DoS) attacks and distributed denial of service (DDoS) attacks are probably the most ferocious threats in the Internet, resulting in tremendous economic and social implications/impacts on our daily lives that are increasingly depending on the wellbeing of the Internet. How to mitigate these attacks effectively and efficiently has become an active research area. The critical issues here include 1) IP spoofing, i.e., forged source IP addresses are routinely employed to conceal the identities of the attack sources and deter the efforts of detection, defense, and tracing; 2) the distributed nature, that is, hundreds or thousands of compromised hosts are orchestrated to attack the victim synchronously. Other related issues are scalability, lack of incentives to deploy a new scheme, and the effectiveness under partial deployment. This dissertation investigates and proposes effective schemes to mitigate DDoS attacks. It is comprised of three parts. The first part introduces the classification of DDoS attacks and the evaluation of previous schemes. The second part presents the proposed IP traceback scheme, namely, autonomous system-based edge marking (ASEM). ASEM enhances probabilistic packet marking (PPM) in several aspects: (1) ASEM is capable of addressing large-scale DDoS attacks efficiently; (2) ASEM is capable of handling spoofed marking from the attacker and spurious marking incurred by subverted routers, which is a unique and critical feature; (3) ASEM can significantly reduce the number of marked packets required for path reconstruction and suppress false positives as well. The third part presents the proposed DDoS defense mechanisms, including the four-color-theorem based path marking, and a comprehensive framework for DDoS defense. The salient features of the framework include (1) it is designed to tackle a wide spectrum of DDoS attacks rather than a specified one, and (2) it can differentiate malicious traffic from normal ones. The receiver-center design avoids several related issues such as scalability, and lack of incentives to deploy a new scheme. Finally, conclusions are drawn and future works are discussed.

    Botnets and Distributed Denial of Service Attacks

    With their ever increasing malicious capabilities and potential to infect a vast majority of computers on the Internet, botnets are emerging as the single biggest threat to Internet security. The aim of this project is to perform a detailed analysis of botnets and the vulnerabilities exploited by them to spread themselves and perform various malicious activities such as DDoS attacks. DDoS attacks are without doubt the most potent form of attacks carried out by botnets. In order to better understand this growing phenomenon and develop effective counter measures, it is necessary to be able to simulate DDoS attacks in a controlled environment. Simulating a DDoS attack with control over various simulation and attack parameters will give us insights into how attacks achieve stealth and avoid detection. A detailed analysis of existing DDoS defense strategies and proposals combined with the insights derived from simulation should enable us to come up with innovative and feasible solutions to prevent and mitigate DDoS attacks carried out using Botnet

    Distributed denial-of-service attacks

    Distributed Denial-of-Service (DDoS) attacks are the intimidation trials on the Internet that deplete the network bandwidth. Researchers have introduced various defense mechanisms including attack prevention, traceback, reaction, detection, and characterization against DDoS attacks, but the number of these attacks increases every year, and the ideal solutions to this problem have eluded us so far. A classification of detection approaches against DDoS attacks is presented with the aim of giving deep insight into the DDoS problem.

    Scalable schemes against Distributed Denial of Service attacks

    Defense against Distributed Denial of Service (DDoS) attacks is one of the primary concerns on the Internet today. DDoS attacks are difficult to prevent because of the open, interconnected nature of the Internet and its underlying protocols, which can be used in several ways to deny service. Attackers hide their identity by using third parties such as private chat channels on IRC (Internet Relay Chat). They also insert false return IP address, spoofing, in a packet which makes it difficult for the victim to determine the packet's origin. We propose three novel and realistic traceback mechanisms which offer many advantages over the existing schemes. All the three schemes take advantage of the Autonomous System topology and consider the fact that the attacker's packets may traverse through a number of domains under different administrative control. Most of the traceback mechanisms make wrong assumptions that the network details of a company under an administrative control are disclosed to the public. For security reasons, this is not the case most of the times. The proposed schemes overcome this drawback by considering reconstruction at the inter and intra AS levels. Hierarchical Internet Traceback (HIT) and Simple Traceback Mechanism (STM) trace back to an attacker in two phases. In the first phase the attack originating Autonomous System is identified while in the second phase the attacker within an AS is identified. Both the schemes, HIT and STM, allow the victim to trace back to the attackers in a few seconds. Their computational overhead is very low and they scale to large distributed attacks with thousands of attackers. Fast Autonomous System Traceback allows complete attack path reconstruction with few packets. We use traceroute maps of real Internet topologies CAIDA's skitter to simulate DDoS attacks and validate our design.

    Flooding Distributed Denial of Service Attacks-A Review

    Flaws either in users’ implementation of a network or in the standard specification of protocols has resulted in gaps that allow various kinds of network attack to be launched. Of the kinds of network attacks, denial-of-service flood attacks have caused the most severe impact. Approach: This study reviews recent researches on flood attacks and their mitigation, classifying such attacks as either high-rate flood or low-rate flood. Finally, the attacks are compared against criteria related to their characteristics, methods and impacts. Results: Denial-of-service flood attacks vary in their rates, traffic, targets, goals and impacts. However, they have general similarities that are the methods used are flooding and the main purpose is to achieve denial of service to the target. Conclusion/Recommendations: Mitigation of the denial-of-service flood attacks must correspond to the attack rates, traffic, targets, goals and impacts in order to achieve effective solution

    Flooding Distributed Denial of Service Attacks-A Review

    Problem statement: Flaws either in users’ implementation of a network or in the standard specification of protocols has resulted in gaps that allow various kinds of network attack to be launched. Of the kinds of network attacks, denial-of-service flood attacks have caused the most severe impact. Approach: This study reviews recent researches on flood attacks and their mitigation, classifying such attacks as either high-rate flood or low-rate flood. Finally, the attacks are compared against criteria related to their characteristics, methods and impacts. Results: Denial-of-service flood attacks vary in their rates, traffic, targets, goals and impacts. However, they have general similarities that are the methods used are flooding and the main purpose is to achieve denial of service to the target. Conclusion/Recommendations: Mitigation of the denial-of-service flood attacks must correspond to the attack rates, traffic, targets, goals and impacts in order to achieve effective solution.

    IoT Botnets Analysis

    A botnet is a set of connected devices which have been infected with malware that allows an attacker to gain remote control and coordinate their actions. Attackers most commonly use their botnets to launch DDoS (Distributed Denial of Service) attacks but they can also be used to send spam emails, sniff out sensitive passwords, or spread ransomware